Last updated by at .

  • Hyper-V 2016
    What's new in Hyper-V 2016
  • Microsoft Azure
    Microsoft Azure

Tag: System Center

VCNRW Nano Server and Container

Nano Server – The future of Windows Server – Just enough OS

Finally, Microsoft released Windows Server 2016 and with Windows Server 2016 we also get the first version of Nano Server. I had the opportunity to speak on several different events and conferences about Nano Server, so I tried to create a quick summary of my presentation in this blog post.

Nano Server installation option Just enough OS

Nano Server - Just enough OS

Nano Server is a redesign version of Windows Server which is very lightweight, very small footprint and fully remote managed and it is designed to solve some of the datacenter challenges we have today. Nano Server is a headless, 64-bit only deployment option of Windows Server. Microsoft basically removed all components from the base image. Roles and feature are not directly included in the base image and they have to be added while creating a new Nano Server Image or online using PowerShell Package Management. Not even the drivers are included in the base image, since you don’t want the physical drivers in a virtual machines, and you don’t want the virtual drivers on a physical machine This is also the reason why Nano Server does not show up during the installation dialog when you boot the Windows Server 2016 ISO file.

Nano Server Key Scenarios

The first version of Nano Server is designed for the following key scenarios:

  1. Born-in-the-cloud applications – support for multiple programming languages and runtimes. (e.g. ASP.NET Core, C#, Java, Node.js, Python, etc.) running in containers, virtual machines, or on physical servers.
  2. Microsoft Cloud Platform infrastructure – support for compute clusters running Hyper-V and storage clusters running Scale-out File Server and Storage Spaces Direct.
  3. But Microsoft also added some other roles like DNS and IIS to the Nano Server and we can expect more roles and features in the future.

In this version Nano Server will of course not replace Windows Server Core and Windows Server (Full or Server with Desktop Experience), but it will be definitely be they way going forward.

Nano Server Footprint

Nano Server has a very small foot print, The default WIM file has a size around 170 MB and if you create a Nano Server VHD or VHDX file it can be only around 400 MB in size. If you add more roles, features and drivers the size of the image gets bigger, but even if you add more stuff the size will be around 800 MB for an Hyper-V server including the Hyper-V role, Failover Clustering Feature, DCB feature, Physical OEM drivers and additional network adapter and storage controller drivers. If you compare Nano Server to Windows Server you can see some of the following changes:

  • 93 percent lower VHD size
  • 92 percent fewer critical bulletins
  • 80 percent fewer reboots

Nano Server Servicing Improvements

Nano Server Servicing Improvments

Nano Server Deployment Improvements

Nano Server Deployment Improvments

This not only reduced deployment time and gives you some operational improvements, it also reduces the attack surface by a lot and this is a huge security improvement.

To achieve these results, Microsoft removed some parts of Windows Server such as:

  • GUI stack
  • 32 bit support (WOW64)
  • MSI support
  • RDP
  • Some default Server Core components
  • Basic OEM Drivers
  • and more

Nano Server Management

By removing the User Interface stack, Microsoft made this server to a true headless server, without any login screen or RDP support. By removing the Graphic User Interface, Windows Administrator have to learn new ways how they manage servers, or better use existing ways to manage a Nano Server environment. The answer is simple and is the best practice for managing servers for a long time called Remote Management. Nano Server will offer some advanced remote Management features such as:

  • WMI
  • PowerShell Remoting
  • PowerShell Direct
  • PowerShell Desired State Configuration
  • RSAT Tools (Server Manager, Hyper-V Manager, Failover Cluster Manager, …)
  • System Center and other Management tools
  • Server Management Tools (Azure Web-based management tools to replace local inbox management tools)

With that, existing Remote Management Tools, such as Server Manager and other RSAT tools, will continue to work. But Microsoft also improved PowerShell Remoting and introduces the Azure Serivce for Server Management Tools.

Server Management Tools

Microsoft Azure Server Management Tools Topology

This service allows you to manage your servers directly from Azure using a web-based HTML5 portal. I personally think that this could also replace Server Manager and allows you to easily manage non-GUI servers such as Windows Server Core and Nano Server.

Azure Remote Server Management Nano Server

If you want to know more about the Sever Management Tools, check out my blog post: Manage Nano Server and Windows Server from Azure using Remote Server Management Tools

The Server Management Tools do not only support Nano Server, they also support Windows Server 2016, Windows Server 2012 R2 and Windows Server 2012 with WMF 5.0 and higher.

Remote Manage Nano Server with PowerShell

Nano Server PowerShell Remoting

The simplest way to manage Nano Server is by using PowerShell Remoting using for exmaple the following command.

If you are directly on a Hyper-V Server you can also use PowerShell Direct which allows you to directly connect to a Virtual Machine using the Hyper-V VMBus.

If you want to know more about Managing Nano Server check out the following blog posts How to Remote Manage your Nano Server using PowerShell or Hyper-V PowerShell Direct.

Manage Nano Server using System Center

Nano Server can also be managed using System Center Virtual Machine Manager and System Center Operations Manager. With SCVMM you can deploy new Hyper-V and Storage Spaces Direct hosts as well as Virtual Machines.

Deploy Nano Server

To deploy Nano Server as a virtual machine or as a physical host you have to create a new Nano Server Image. For this you have basically have two option. The first one is using the built in Nano Server Image Generator PowerShell module and the second option is the Nano Server Image Builder UI wizard.

Nano Server Image Generator PowerShell module

New-NanoServerImage

The Nano Server Image Generator PowerShell module allows you to create new Nano Server Images. You can find this on the Windows Server 2016 media in the Nano Server folder. Here is a quick example how to create a new VHDX using the PowerShell module.

Nano Server Image Builder

Nano Server Image Builder

The Nano Server Image Builder is a UI based wizard to create Nano Server Images in VHDX, VHD, WIM or ISO to install Nano Server on all possible systems.

The Nano Server Image Builder can help you with the following tasks:

  • Graphical UI to create Nano Server Images
  • Adding drivers
  • Choose Windows Server Edition
  • Adding roles and features
  • Adding drivers
  • Adding updates
  • Configuration of Network Settings
  • Configuration of Domain settings
  • Set Remoting Options
  • Create an ISO file to boot from DVD or BMC (remote connection like HP ILO)

First download and install the Windows Assessment and Deployment Kit (ADK) and the Nano Server Image Builder.

If you need more information about deploying Nano Server check my blog post about Create a Nano Server using the Nano Server Image Builder and How to create a Nano Server Image using PowerShell.

Nano Server Packages

Nano Server Packages

Roles, Features and Drivers live outside of the basic Nano Server Image have to be added while creating the Nano Server Image or after that using PowerShell Package Management.

You can find and install Windows Packages from the online package repository by using the NanoServerPackage provider of PackageManagement (OneGet) PowerShell module.

Troubleshooting Nano Server

Nano Server Recovery Console

Hyper-V Nano Server Console

When you boot Nano Server you can not really login to Nano Server and browse the file system. What you can do is login to the Nano Server Recovery Console which allows you to do some basic tasks:

  • Shows computer info like Name, IP Configuration, OS Version and more
  • Reset Networking to DHCP
  • Reset basic Windows Firewall rules
  • If the Server is a Hyper-V Server you can see the VM running on the system and remove the Virtual Switch

Sysinternals for Nano Server

Sysinternals for Nano Server

There is also a Sysinternals version for Nano Server.

Nano Server over a serial port with Emergency Management Services

Emergency Management Services (EMS) lets you perform basic troubleshooting, get network status, and open console sessions (including CMD/PowerShell) by using a terminal emulator over a serial port. This replaces the need for a keyboard and monitor to troubleshoot a server.

You can include this using the following cmdlets

Nano Server Servicing

Nano Server Servicing

Windows Server are usually from the Long Term Servicing Branch and have 5 + 5 years of servicing and only get security and quality fixes, no new features. In Windows Server 2016 Server Core and Server with Desktop Experience follow this traditional servicing model. Nano Server on the other hand will be in a new servicing branch called Current Branch for Business (CBB).

  • Nano Server will not have an LTSB with Windows Server 2016 and therefore not have 5+5 years of servicing
  • Nano Server installations will have to move forward to future CBB releases of Nano Server to continue to be serviced
  • Licensing Nano Server will require Software Assurance (SA)
  • Installation of new CBBs are always controlled by administrators, no forced upgrades

Nano Server Key Wins

  • Easy and fast to deploy
  • Lightweight
  • Easily integrates with our automated approach
  • Reduces attack surface
  • Works with existing deployment tools (WDS, SCVMM, SCCM and boot from VHDX)
  • Reduces operational overhead
  • Highly stable
  • Delivers on scale and performance

Conclusion

In my opinion the effort Microsoft does with Nano Server really makes sense and will help Service Providers as well as Enterprise companies to deploy clouds even faster, more secure, more efficient and with less management overhead. Of course it is still early and Nano Server may not fit every case and scenario today, but definitely in the future.

 

 

 



Geekmania

Speaking at Geekmania 2016

Today I can announce that I will speak at Geekmania 2016 at Friday 04.11.2016 at the Pathé Dietlikon. I this is the 4th time I am speaking at Geekmania, which is a one day event in Switzerland focusing on real world IT topics and Microsoft technologies.

Marcel Zehner from itnetX and me will speak in several different sessions about Windows Server 2016, System Center 2016, Microsoft OMS and Microsoft Azure Stack.

What's new in Windows Server 2016 Hyper-V

With the next version of Microsoft hypervisor Microsoft released some great new features for your Cloud infrastructure. Come to this session to get the details of all the new stuff that is in Hyper-V and learn about how you can play with it “hands-on.” This session includes also the latest updates from the GA Release.

What’s new in Windows Server 2016 Storage

With the next version of Microsoft hypervisor Microsoft released some great new features for your Cloud infrastructure. Microsoft announced several new feature on Windows Server 2016 including a lot of new Storage features, such as Storage Spaces Direct, ReFS, Storage Replica and much more. In this session you get an overview about the new Storage technologies in Windows Server 2016 and Hyper-V.

Microsoft Azure Stack - Azure for your Datacenter

Get more information about Microsoft Azure Stack and how you can get Azure for your Datacenter.

I hope I see you there!

 



Add Updates to Nano Server Image

Getting started with Windows Server 2016 and System Center 2016

Microsoft announced Windows Server 2016 release at Microsoft Ignite in Atlanta 2 weeks ago. Microsoft released the Evaluation version of Windows Server 2016 which allow you to start play with Windows Server 2016. And today Microsoft announced the GA (General Availability) of Windows Server 2016 and System Center 2016.

Windows Server brings some great new features and possibilities such as Hyper-V, Storage Spaces Direct, Nano Server, Storage Replica and much more.

Here are some information about deployment, upgrading and certification:

Windows Server

If you want to go to production make sure you also install the latest Cumulative Update for Windows Server 2016:

If you want to try Windows Server 2016 you can also do this on Microsoft Azure.

System Center:

 

 

 



5Nine Hyper-V Security Agentless

Secure your Hyper-V environment with 5nine Cloud Security 8.1

In the past years I was building several Hyper-V environments together with Enterprise customers and with service providers. In a lot of cases customer wanted more security in there Cloud and Virtualization environment. Security becoming a even more critical part in your datacenter and with a high virtualization rate, it gets even more critical and complex to manage. Especially when Virtual Machines can move from on cluster to another or from one datacenter to another. 5nine is one of the vendors who has a great solution, for this challenges. A couple of years back I wrote a blog post about 5Nine Cloud Security version 4.0. 5nine Cloud Security is a unified security and compliance solution designed to specifically address every Hyper-V security vulnerability across every virtual resource.

Last week at Microsoft Ignite, Microsoft released Windows Server 2016 and Hyper-V 2016, with that 5nine released 5nine Cloud Security 8.1 which supports Windows Server 2016 and Hyper-V 2016.

5nine Cloud Security has some unique key features to secure your environment.

  • Distributed vFirewall – Secure multi-tenant Hyper-V environment and provide VM isolation
  • Agentless Antimalware Detection – Protect Hyper-V with patent-pending agentless Kaspersky or ThreatTrack antivirus now with Real-Time Malware Detection
  • Enforce security compliance

5Nine Hyper-V Security Agentless

Key features

if you look at it on a security features list, 5nine Cloud Security offers you the following security features:

  • Automatically & Instantly Secure all Virtual Machines, Disks, Networks and Switches
  • Choice of Leading Antivirus Engines
  • Agentless AV – Full Virtual Machine Scans
  • Agentless AV – Real-time HTTP Virus and Malware Detection
  • Hyper-V Optimized Real-time Active Protection Agent
  • Agentless Firewall
    • Granular control over each virtual machine using Hyper-V
    • Extensible Switch, no agent required
    • Configure the Advanced / Full Kernel mode Virtual Firewall for each VM individually
    • MAC Address filtering
    • ARP Rules
    • SPI (stateful packet inspection)
    • Network traffic anomaly analysis
    • Inbound and outbound per VM bandwidth throttling
    • MAC broadcast filtering
    • All filtering events logging with more data (UM logs only contain blocked events)
    • Configure network filtering rules on a per-VM basis
    • Set inbound/outbound traffic limits and bandwidth utilization by virtual machine
  • Agentless Intrusion Detection
  • No need to access Guest OS to manage security
  • Centralized signature management with updates to host only
  • Incremental Fast Scans
  • Offline VM Scanning
  • Avoids Host Scanning Storms
  • Support for Windows Server 2012, 2012 R2 and 2016 Hyper-V
  • Supports any guest OS supported by Windows Hyper-V including Linux
  • Meet the security demands of enterprise, management service providers (MSPs), public sector, and hosting providers who leverage Microsoft’s Hyper-V Server and Cloud Platform
  • Provide the first and only seamless agentless compliance and agentless security solution for the Hyper-V Cloud
  • Deliver multi-layered protection together with integrated, agentless antivirus and intrusion detection capabilities
  • Offer unmatched levels of industry-demanded protection and compliance (including PCI-DSS, HIPAA, and Sarbanes-Oxley)
  • Secure the Cloud environment with anti-virus technology that runs with virtually zero performance impact while simultaneously improving virtual machine density
  • Provide network traffic control between virtual machines
  • Enforce secure multi-tenancy and Virtual Machines Security Groups
  • Provide NVGRE support (Hyper-V Network Virtualization)
  • Support for Microsoft Switch Embedded Teaming
  • PowerShell Module for automation

Integration and offerings

5Nine Hyper-V Security System Center VMM Plugin

5Nine Cloud Security also integrated perfectly in your Microsoft System Center environment using a System Center Virtual Machine Manager plugin.

5nine Cloud Security also offers a Windows Azure Pack Resource Provider to offer self-service to your tenants. Azure Pack (WAP) Extension is the only Security as a Service (SECaaS) solution to protect your datacenter, your customers, and their clouds as a free add-on to 5nine Cloud Security. It is the only way to enable tenants to easily manage their own Windows and Linux security policies through the Azure Pack self-service portal. Now hosting and service providers can secure multi-tenant environments and virtual machines in private, hosted or hybrid scenarios, while giving users the ability to easily configure firewalls, intrusion detection, and more.

Architecture

The installation and the management is so easy, you don’t really need any documentation. That’s how a security product should work, it should not make your environment even more complex it should help you to keep your environment secure without adding extra complexity to it. Is used 5nine for several customer environments.

  • The Management Service – This would be your 5nine management server which needs a SQL database (minimum MS SQL Express) and all Hyper-V Hosts are connected to this management server.
  • The Host Management Service – which is basically the software and agent running on the Hyper-V host itself.
  • The Management Console – The console where you can configure everything. The console is simply connected to the management server.
  • The Virtual Machine Manager Plugin – This is a plugin in VMM which allows you to manage rules directly from your System Center Virtual Machine Manager Console
  • Azure Pack Extension – Resource Provider installed on the WAP Tenant and WAP Admin servers

Impressions

5nine host service

5nine is a very light weight solution for the Hyper-V host with not a lot of overhead. On the Hyper-V host you have only two service running and the Hyper-V switch extensions.

5nine-switch-extension

 

Conclusion

Overall I think 5Nine Cloud Security is a must have solution to protect your Hyper-V environment, if you want to do more serious centralized managed security. Especially with the release of 5nine Cloud Security 8.1 directly with the release of Windows Server 2016, 5nine shows how great their development and integration in Hyper-V really is. It always supports the latest features of Hyper-V solve real world needs.

If you need more information, want to buy 5nine Cloud Security or if you need someone to help you integrated 5nine Cloud Security in your environment, feel free to contact me.

 

 



Microsoft MVP 2014

Microsoft MVP 2016 Cloud and Datacenter Management

I am proud to announce that I just received my 5th Microsoft MVP Award for my focus in Cloud & Datacenter Management.

Microsoft MVP Award 2016

Congratulations! We are pleased to present you with the 2016 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Cloud and Datacenter Management technical communities during the past year. Also in this email:

  • About your MVP Award Gift
  • How to claim your award benefits
  • Your MVP Identification Number
  • MVP Award Program Code of Conduct

The Microsoft MVP Award provides us the unique opportunity to celebrate and honor your significant contributions and say “Thank you for your technical leadership.”

 

Patrick Malone
Director
Community & Advocacy Programs
Microsoft

 

This is the 5th Microsoft MVP award in a row since 2012, 2013, 2014 and 2015. The Microsoft MVP award and the included opportunities add a huge benefit like the Microsoft MVP summit where you have the chance to talk to the Microsoft Product Groups, learn and place feedback. But of course the Microsoft MVP award also adds some other great advantages. In the past years I had the chance to travel all over the world and speak in different countries and events, and I met a lot of great people, which also became great friends.

Of course there are a lot of people I have to thank, but I want to keep the list as short as possible. I would like to thank my employer itnetX which is supporting me in the best possible way year over year, my current and former colleagues, the Microsoft MVP community and of course Microsoft employees in Redmond and all over the world.

Get more information about the Microsoft MVP award: Microsoft MVP Award Website

 



SCU Europe 2015 Azure Pack

Speaking at System Center Universe Europe 2016 in Berlin

I am proud to announce that I will speak at System Center Universe Europe 2016 Conference at August 24-26 in Berlin. System Center Universe is a community conference with a strong focus on systems management and virtualization topics such as cloud, datacenter and modern workplace management.  We present top content with top presenters around Microsoft Windows Server, System Center, Microsoft Azure, Office 365, Microsoft Hyper-V and more and want to build the number one conference for those kind of topics across Europe.

I was happy to speak in the past three events at SCU Europe, check out my recaps:

I will speak in two breakout sessions, early morning discussion and I am also part of the ask the experts area for Cloud and Datacenter.

The best of Windows Server 2016

Join this session for the Best of Windows Server 2016 — The New Foundation of your Datacenter. You’ll be one of the first to know about new, exciting improvements that are coming in Windows Server 2016 and how they’ll improve your day-to-day job. In this hour-long presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations including:

•Hyper-V 2016 features

•Nano Server

•Storage Spaces Direct

•Storage Replica

•Windows Server Containers

•And more!

What's new in Windows Server 2016 Hyper-V

With the next version of Microsoft hypervisor Microsoft released some great new features for your Cloud infrastructure. Come to this session to get the details of all the new stuff that is in Hyper-V and learn about how you can play with it “hands-on.” This session includes also the latest updates from the Technical Previews.

Nano Server and Containers better together!

Have a look at the latest Cloud Technologies from Microsoft. Learn about the next Microsoft Cloud Platform Server called Nano Server and Windows Containers. Both solutions are built for the future and will fundamentally change how we do IT. Learn why we need Nano Server and Windows Containers and how we deploy, manage and operate them.

SCU Europe

You can expect a top quality conference with top quality content. During the conference you have many options to learn and connect. Beside learning we guarantee that you will also have a lot of fun at our parties and make new friends. Here we go with a list of available options you have during the conference:

  • 3 conference days
  • 75+ breakout sessions
  • 1 Keynote session
  • 1 Closing session
  • 1 Pre-Party session
  • 5 parallel tracks
  • Lots of Microsoft MVPs on site
  • Ask the experts area
  • Exhibition area (partners)
  • 1-to-few side meetings
  • Top WiFi infrastructure
  • Power available everywhere
  • Food & beverages
  • Networking Party
  • Closing Party
  • Good connected historical city
  • Hotels near the venue

It is going to be a great conference with a lot of skilled people and a lot to learn and of course a lot of fun. So hopefully see you in Berlin!



SCU Europe 2015 Azure Pack

You can now watch my System Center Universe Europe 2015 Sessions on Channel9

Great news today, some of my sessions I did at System Center Universe Europe 2015 in Basel, are now available on Microsoft Channel9. You can watch them directly on Channel9 with a lot of other great sessions from SCU Europe 2015, or you can just watch them here:

Nano Server the next generation of Cloud Server in your datacenter

In this session we will walk you through how Nano Server is changing the fundamental way we look at fabric Servers and workloads. Nano Server will change the way we build servers and solve fundamental challenges which we have encountered over the pact years embracing cloud fundamentals. Speaking together with Kristian Nese (Microsoft MVP)

What’s new in Windows Server 2016 for Hyper-V


With Windows Server 2016 Microsoft adds again exiting features to its Virtualization Platform. Learn in this session what Shielded VMs, Rolling Cluster Upgrades, Storage Spaces Direct, Hyper converged, PowerShell Direct, Windows Containers, and much more is and how you can profit from these new technologies. Speaking together with Carsten Rachfahl (Microsoft MVP)

Azure Site Recovery, 365 days later

Disaster Recovery, everyone talks about it – everyone claims they have it! But does it really work as expected?! Join us in the session about Azure Site Recovery, the business continuity service from Microsoft for all cloud platforms, on-premise – service providers – public cloud. You will learn how your company or customers can use ASR in their datacenter and which new scenarios have been added in the last 365 days, since we presented this topic at SCU 2014. Speaking together with Michel Lüscher (Microsoft)

Are ITIL and System Center BFFs?


In the modern world where organizations are facing new challenges to be more competitive, they are looking for better ways to improve the quality and efficiency of their IT Service delivery using the ITIL framework. Gain valuable insights and best practices on how you can adopt the ITIL framework to Microsoft System Center and OMS from real world experiences together with Savision, Jonas Lenntun, CEO and Solution Architect at Approved Consulting, and Microsoft MVPs: Robert Hedblom, Kristian Nese, Kevin Greene and Thomas Maurer.